// Successful-credential branch of a login handler; the if/else that selects it opens before this fragment.
// The session principal is replaced with a freshly built Student or Teacher object keyed by $userid.
// NOTE(review): no session_regenerate_id() call is visible before the principal is stored; unless a
// caller does it, regenerating the session id at this point is the usual session-fixation defence — confirm.
if ($user->getRole() === 'STUDENT') {
    $_SESSION['user'] = Student::createStudentFromId($userid);
} else {
    // Every non-student role is treated as a teacher here.
    $_SESSION['user'] = Teacher::createTeacherFromId($userid);
}
// Reset the failure counter now that a valid login has happened.
clearFailedLogins($userid);
// Login timestamp; presumably read by an inactivity check elsewhere — not visible here.
$_SESSION['timeout'] = time();
$message = "User {$userid} has been successfully logged in.";
// Honour a deferred redirect only if it was stored for this same user id.
// NOTE(review): the id comparison is loose (==); a strict comparison against a value of the same
// type would avoid PHP's numeric-string coercion rules.
if (isset($_SESSION['url']) && isset($_SESSION['urlid']) && $userid == $_SESSION['urlid']) {
    // The redirect target itself was stored elsewhere; whether an open-redirect check is needed
    // depends on how it was set — TODO confirm it is only ever a site-local path.
    $url = $_SESSION['url'];
    unset($_SESSION['url']);
    unset($_SESSION['urlid']);
} else {
    $url = '../portalhome.php';
}
returnToPageSuccess($message, $url);
} else {
    //Check when the last failed login was
    // strtotime() returns false for an unparseable value; false + 3600 evaluates to 3600, so a
    // missing or malformed timestamp is treated as being outside the one-hour window.
    $lastFailedLogin = strtotime($user->getLastFailedLogin());
    if ($lastFailedLogin + 60 * 60 > time()) {
        //Within last failed login so check how many failures there've been
        $attempts = $user->getLoginAttempts();
        // The lock fires only when the stored count already exceeds 3; the fourth failure stores 4,
        // so the lock is applied on the fifth consecutive failure inside the window.
        if ($attempts > 3) {
            lockUser($user->getUserId());
            $errorMessage = 'You have entered incorrect details too many times and have been temporarily locked out. Please come back soon and try again.';
        } else {
            $attempts++;
            incrementFailedLogins($user->getUserId(), $attempts);
            // Same wording for a bad username and a bad password — avoids hinting which one was wrong.
            $errorMessage = 'Incorrect username/password, please try again.';
        }
    } else {
// Tail of a worksheet-creation handler; the loops/conditions being closed here open before this fragment.
}
// "NULL" is a string sentinel, presumably coming from the tag-type form field — not visible here.
if ($type !== "NULL" && $tagId !== "") {
    // $tagId and $sqid are interpolated directly into the SQL text. Nothing on the visible lines
    // validates either value, so this relies on both already being numeric — TODO confirm at the
    // call site, or move to a prepared statement so the dependency disappears.
    $query5 = "INSERT INTO TQUESTIONTAGS (`Tag ID`, `Stored Question ID`) VALUES ({$tagId}, {$sqid});";
    try {
        db_query_exception($query5);
    } catch (Exception $ex) {
        // Any failure here abandons the whole worksheet transaction.
        db_rollback_transaction();
        $message = "There was a problem adding a tag to the worksheet, please try again.";
        returnToPageErrorException($message, $ex);
    }
}
}
}
// All questions and tags inserted: make the transaction permanent and report success.
db_commit_transaction();
$message = "Worksheet ({$wname}) added successfully.";
returnToPageSuccess($message, $vid);
} else {
    $message = "Something went wrong adding the worksheet, please try again.";
    returnToPageError($message);
}

/**
 * Split a '/'-delimited tag string and run updateTag() on each piece.
 *
 * explode() on an empty string yields [''], so an empty $string still
 * results in one updateTag('') call. Returns nothing.
 *
 * @param string $string '/'-separated tag entries
 */
function updateAllTags($string) {
    $updates = explode('/', $string);
    foreach ($updates as $update) {
        updateTag($update);
    }
}

// Converts a '/'-delimited tag string into an array; the body continues past this fragment.
function convertTagsToArray($string) {
    $tags = explode('/', $string);
    $tagsArray = [];
//Staff user
// Title, initials, classroom and phone number are quoted straight into the SQL string. Their origin
// is not visible in this fragment; unless they were escaped upstream this is an injection point, and
// a prepared statement with bound parameters would remove the dependency on upstream escaping.
$query2 = "INSERT INTO TSTAFF (`User ID`, `Title`, `Initials`, `Classroom`, `Phone Number`)\r\n VALUES({$userid}, '{$title}', '{$initials}', '{$classroom}', '{$number}');";
}
try {
    $resultArray1 = db_insert_query_exception($query2);
} catch (Exception $ex) {
    // Exception::getMessage() always returns a string, so the else branch below is unreachable.
    // NOTE(review): the raw exception text (which may carry driver/SQL detail) is what reaches
    // seriousError() and, from there, the user-facing message — confirm seriousError() does not
    // echo it verbatim.
    if ($ex->getMessage() !== null) {
        $desc = $ex->getMessage();
    } else {
        $desc = "Something went wrong while saving the new user.";
    }
    $message .= seriousError($desc);
    returnToPageError($message);
}
$message = "User '{$fname} {$sname}' successfully added.";
returnToPageSuccess($message);
} else {
    $desc = "Something went wrong while saving the new user.";
    $message .= seriousError($desc);
    returnToPageError($message);
}

/**
 * Store an ERROR message in the session and redirect back to createUser.php.
 *
 * Never returns (ends with exit). $message is a required parameter, so the
 * !isset guard only applies when null is passed explicitly.
 * The function body continues past this fragment.
 *
 * @param string $message text shown to the user on the create-user page
 */
function returnToPageError($message) {
    $type = 'ERROR';
    if (!isset($message)) {
        $message = 'Something has gone wrong';
    }
    infoLog($message);
    $_SESSION['message'] = new Message($type, $message);
    header("Location: ../createUser.php");
    exit;
// Role gate for the switch-user (impersonation) handler: only SUPER_USER may continue.
// The condition that wraps this check opens before this fragment.
if (!authoriseUserRoles($userRole, ["SUPER_USER"])) {
    header("Location: ../unauthorisedAccess.php");
    exit;
}
}
// FILTER_SANITIZE_NUMBER_INT only strips characters (keeping digits, '+' and '-'); it does not
// validate, and it yields null when the field is absent. The guard below therefore lets through
// values such as "-5", "+" or (on PHP 8, where "" != 0 is true) an empty string.
// NOTE(review): FILTER_VALIDATE_INT with a positive min_range would reject those before any lookup.
$userid = filter_input(INPUT_POST, 'userid', FILTER_SANITIZE_NUMBER_INT);
if (isset($userid) && $userid != 0) {
    // Whether createUserLoginDetails() can return something other than a User for an unknown id
    // is not visible here — TODO confirm before relying on getRole() below.
    $user = User::createUserLoginDetails($userid);
    // The acting super user's session principal is replaced with the target user's.
    // NOTE(review): nothing on this success path records which super user switched to which
    // account; an audit-log entry before the assignment would make impersonation traceable.
    if ($user->getRole() === 'STUDENT') {
        $_SESSION['user'] = Student::createStudentFromId($userid);
    } else {
        $_SESSION['user'] = Teacher::createTeacherFromId($userid);
    }
    // Drop any pending deferred redirect so it cannot be replayed under the new identity.
    unset($_SESSION['url']);
    unset($_SESSION['urlid']);
    returnToPageSuccess($user->getUserId());
} else {
    $message = "You are unable to switch users at this time.";
    returnToPageError($message);
}

/**
 * Log the failed switch against the current session user, store an ERROR
 * message in the session and redirect back to switchUser.php.
 *
 * The logged id is that of the user still held in the session (the acting
 * user, since the principal is only replaced on success).
 * The function body continues past this fragment.
 *
 * @param string $message text shown to the user on the switch-user page
 */
function returnToPageError($message) {
    $type = 'ERROR';
    if (isset($_SESSION['user'])) {
        $user = $_SESSION['user'];
        $userid = $user->getUserId();
        $msg = "User {$userid} was unable to switch users as the id was not correctly set.";
        errorLog($msg);
    }
    $_SESSION['message'] = new Message($type, $message);
    header("Location: ../switchUser.php");
// Tail of a worksheet-update handler; $nberror accumulates non-fatal problems across the update.
// The block being closed on the next line opens before this fragment.
$nberror = updateAllTags($updateString, $nberror);
}
$message = "'{$wname}' successfully updated";
if (count($nberror) > 0) {
    // Deal with the non-breaking errors
    // The <br> tags show this message is rendered as HTML, yet $wname and each $nberror entry are
    // concatenated unescaped. If either can contain user-entered text it needs htmlspecialchars()
    // before (or at) rendering — TODO confirm where Message output is escaped.
    $message .= " with the following errors. <br>";
    for ($i = 0; $i < count($nberror); $i++) {
        $message .= "- " . $nberror[$i] . "<br>";
        errorLog("Non-breaking error for worksheet '{$wname}': " . $nberror[$i]);
    }
    $message .= "Please check all of the questions before continuing.";
} else {
    $message .= ".";
}
// Non-breaking errors do not prevent the commit.
db_commit_transaction();
returnToPageSuccess($message, $version);
} else {
    $type = "ERROR";
    $message = "Worksheet failed to update as not all of the required details were entered.";
    infoLog($message);
    $_SESSION['message'] = new Message($type, $message);
    // $version is placed into the Location URL without encoding; its origin is not visible here —
    // TODO confirm it is an integer (or urlencode it) before it reaches the header.
    if (isset($version)) {
        header("Location: ../editWorksheet.php?id={$version}");
    } else {
        header("Location: ../viewAllWorksheets.php");
    }
    exit;
}

/**
 * Apply each '/'-separated tag update in $string, threading the $nberror
 * accumulator through (the call site above assigns the return value, so this
 * presumably returns the updated list — the body continues past this fragment).
 *
 * @param string $string  '/'-separated tag entries
 * @param array  $nberror non-breaking errors collected so far
 */
function updateAllTags($string, $nberror) {
    $updates = explode('/', $string);
// Catch block of a user-update handler; the try/catch and the enclosing ifs open before this fragment.
// Exception::getMessage() always returns a string, so the else branch is unreachable and the raw
// exception text is what reaches seriousError(). NOTE(review): confirm seriousError() does not pass
// driver/SQL detail through to the user-visible message.
if ($ex->getMessage() !== null) {
    $desc = $ex->getMessage();
} else {
    $desc = "Something went wrong while saving the users details.";
}
// $message is appended to, so whatever the caller already put in it is carried into the redirect.
$message .= seriousError($desc);
returnToPageError($message, $userid);
}
} else {
    //Not enough info to proceed
    $message .= "You have not entered all of the required fields.";
    returnToPageError($message, $userid);
}
$message = "User '{$fname} {$sname}' successfully updated.";
// Presumably refreshes the session copy of the user after the database change — not visible here.
updateCurrentUser();
returnToPageSuccess($message, $userid);
} else {
    $desc = "Something went wrong while saving the users details.";
    $message .= seriousError($desc);
    returnToPageError($message, $userid);
}

/**
 * Store an ERROR message in the session and redirect back to the edit page
 * for $userid. Never returns (ends with exit).
 *
 * $message is a required parameter, so the !isset guard only applies when
 * null is passed explicitly. $userid goes into the Location URL unencoded;
 * its origin is not visible here — TODO confirm it is an integer.
 * The function body continues past this fragment.
 *
 * @param string     $message text shown to the user on the edit-user page
 * @param int|string $userid  id of the user being edited
 */
function returnToPageError($message, $userid) {
    $type = 'ERROR';
    if (!isset($message)) {
        $message = 'Something has gone wrong';
    }
    infoLog($message);
    $_SESSION['message'] = new Message($type, $message);
    header("Location: ../editUser.php?userid={$userid}");
    exit;